chore(deps): update dependency snyk to v1.1064.0 #6

mend-for-github-com · 2023-11-01T13:07:48Z

This PR contains the following updates:

Package	Type	Update	Change
snyk	dependencies	minor	`1.434.3` -> `1.1064.0`

By merging this PR, the issue #10 will be automatically resolved and closed:

Severity	CVSS Score	CVE	Reachability
Critical	9.8	CVE-2023-42282	Reachable
Critical	9.1	CVE-2021-28918	Reachable
High	8.8	CVE-2024-48964
High	8.1	CVE-2021-23406	Reachable
High	8.1	CVE-2021-23406	Reachable
High	7.8	CVE-2022-40764	Reachable
High	7.5	CVE-2020-26301	Reachable
High	7.5	CVE-2021-23490	Unreachable
High	7.5	CVE-2021-33502	Unreachable
High	7.5	CVE-2021-3807	Unreachable
High	7.5	CVE-2021-3807	Unreachable
High	7.3	CVE-2020-7788	Unreachable
High	7.3	CVE-2020-7788	Unreachable
High	7.3	CVE-2022-48285	Reachable
High	7.3	CVE-2022-48285	Reachable
Medium	5.8	CVE-2022-24441	Reachable
Medium	5.3	CVE-2021-23362	Reachable
Medium	5.3	CVE-2021-23362	Reachable
Medium	5.3	CVE-2021-23413	Reachable
Medium	5.3	CVE-2021-23413	Reachable
Medium	5.3	CVE-2021-29418	Reachable
Medium	5.3	CVE-2022-25881	Unreachable
Medium	5.3	CVE-2022-33987	Unreachable
Medium	5.3	CVE-2022-33987	Unreachable
Medium	5.3	CVE-2023-0842	Reachable
Medium	5.3	CVE-2023-26115	Unreachable
Medium	5.3	CVE-2024-4067	Reachable
Medium	5.0	CVE-2022-22984	Unreachable
Medium	5.0	CVE-2022-22984	Unreachable
Medium	5.0	CVE-2022-22984	Unreachable
Medium	5.0	CVE-2022-22984	Unreachable
Medium	5.0	CVE-2022-22984	Unreachable
Medium	5.0	CVE-2022-22984	Unreachable
Medium	5.0	CVE-2022-22984	Unreachable

Release Notes

snyk/snyk (snyk)

`v1.1064.0`

Compare Source

Bug Fixes

escape child process arguments (80d97a9)

`v1.1063.0`

Compare Source

Features

base64 default for sast analysis (369fe11)
support sev.threshold for unm.-deps (cc329fd)

`v1.1062.0`

Compare Source

Bug Fixes

use lenient config in gradle plugin (afc1ccb)

`v1.1061.0`

Compare Source

Features

upgrade snyk-iac-test to v0.37.0 (ef864be)

`v1.1060.0`

Compare Source

Bug Fixes

update snyk-docker-plugin (cc200eb)

`v1.1059.0`

Compare Source

Bug Fixes

bump snyk-gradle-plugin to 3.24.5 (a75faaf)

`v1.1058.0`

Compare Source

Features

Upgrade snyk-iac-test to v0.36.5 (71e8ba5)

`v1.1057.0`

Compare Source

`v1.1056.0`

Compare Source

Bug Fixes

improve go file path determination (f426bdb)

`v1.1055.0`

Compare Source

Bug Fixes

restore env proxy launching snyk-iac-test (fec034b)
support unmanaged for ide plugins (9746d20)

`v1.1054.0`

Compare Source

Bug Fixes

update snyk-docker-plugin (a638be2)

`v1.1053.0`

Compare Source

Bug Fixes

certificate issue for golang plugin (540b32c)

`v1.1052.0`

Compare Source

Features

improve errors for cloud context (0ddc517)

`v1.1051.0`

Compare Source

Bug Fixes

apps create command (8544c06)

`v1.1050.0`

Compare Source

Bug Fixes

remove allow analytics check for share results (4bac957)

`v1.1049.0`

Compare Source

Features

Upgrade snyk-iac-test to v0.36.2 (d37581b)

`v1.1048.0`

Compare Source

Bug Fixes

in sbt plugin inspect: filter out configs that are not public (a1df508)

Bug Fixes

check of incorrect environment variable (1c863bb)
do not proxy traffic to sockets (a2cbec3)

Features

disable container app scan with feature flag (39fcaf2)

`v1.1044.0`

Compare Source

Bug Fixes

add innerError to CLI analytics as error-details (c6e92d9)
use body in 403 error innerError if body.stack is empty (2eb1a24)

Features

Upgrade snyk-iac-test to v0.36.1 (53dfb7a)

`v1.1043.0`

Compare Source

Bug Fixes

relax conditions for sbt plugin inspect (a201a61)

`v1.1042.0`

Compare Source

Bug Fixes

Errors from snyk-iac-test should not be swallowed (b02372d)

Features

@snyk/fix: pipenv support for version 2022.* (74d0829)

`v1.1041.0`

Compare Source

Bug Fixes

reduce scala script output size (f3ea1ce)

`v1.1040.0`

Compare Source

Bug Fixes

Invoke snyk-iac-test asynchronously (1a5e734)

`v1.1039.0`

Compare Source

Features

new cloud context flag --snyk-cloud-environment (e5528cf)
Upgrade snyk-iac-test to v0.35.1 (73da9cb)

`v1.1038.0`

Compare Source

Features

add error code to iac json output (4d08086)

`v1.1037.0`

Compare Source

Bug Fixes

fixing typo to trigger a failed release (6f49a08)

`v1.1036.0`

Compare Source

What's Changed

chore: preserve system proxy in golang cli by @PeterSchafer in https://github.com/snyk/cli/pull/4159
feat: Upgrade snyk-iac-test to v0.34.1 by @francescomari in https://github.com/snyk/cli/pull/4160
restore system proxy for describe by @moadibfr in https://github.com/snyk/cli/pull/4158

Full Changelog: snyk/cli@v1.1035.0...v1.1036.0

`v1.1035.0`

Compare Source

Features

do not download bundle in cli (d339015)
IaC --report smoke testing (48f2e93)

`v1.1034.0`

Compare Source

Features

Upgrade snyk-iac-test to v0.33.5 (c318f06)

`v1.1033.0`

Compare Source

Features

Upgrade snyk-iac-test to v0.33.4 (ea931d1)

`v1.1032.0`

Compare Source

Features

Upgrade snyk-iac-test to v0.33.3 (f0ada01)

`v1.1031.0`

Compare Source

Bug Fixes

identify gradle projects by path not name (284c8aa)

`v1.1030.0`

Compare Source

Features

use in_progress in unmanaged resp. (84a1bb3)

`v1.1029.0`

Compare Source

`v1.1028.0`

Compare Source

`v1.1027.0`

Compare Source

Features

Upgrade snyk-iac-test to v0.33.1 (8f49d27)

`v1.1026.0`

Compare Source

Bug Fixes

remove reachability from plugins (cdebec7)

`v1.1025.0`

Compare Source

Features

update code client (a30958c)

`v1.1024.0`

Compare Source

`v1.1023.0`

Compare Source

Bug Fixes

Ignored issues count displays "undefined" (962df51)

`v1.1022.0`

Compare Source

Bug Fixes

do not check stderr output in IaC smoke tests (55cbba0)

Features

use short link to the Integrated IaC docs (8fd823d)

`v1.1021.0`

Compare Source

Bug Fixes

remove gradle matching config error (401c0f0)

Features

add flag to exclude app vulnerabilities (5d704e2)
print warning message on app-vulns enablement (9216c49)

`v1.1020.0`

Compare Source

`v1.1019.0`

Compare Source

Bug Fixes

use @snyk/child-process package without shell (2d8845d)

Features

windows: renew code signing certificate (ff063f1)

`v1.1018.0`

Compare Source

Features

add an info message to the new iac test command (533db99)

`v1.1017.0`

Compare Source

Features

Update feature gating for new IaC Integrated experience (72bed38)

`v1.1016.0`

Compare Source

Bug Fixes

unmanaged scan unknown archives (5821ed4)

`v1.1015.0`

Compare Source

Features

refactor and add tests on gradle plugin (239d4ab)

`v1.1014.0`

Compare Source

Features

container support for deleted files (cc8edfb)

`v1.1013.0`

Compare Source

Features

new version to update url docs link (bd063e3)

`v1.1012.0`

Compare Source

Features

pass snykHttpClient to plugin.inspect (17b1273)

`v1.1011.0`

Compare Source

Bug Fixes

improve cpp-plugin performance on windows (b5f6770)

`v1.1010.0`

Compare Source

Bug Fixes

added check for existing key in loop (04c00bc)

`v1.1009.0`

Compare Source

`v1.1008.0`

Compare Source

`v1.1007.0`

Compare Source

Bug Fixes

upgrade go-httpauth to support basic auth (875f0e9)

Features

add unmanaged service test call ff (55b6fbb)

`v1.1006.0`

Compare Source

Features

show Cloud Issues URL when sharing results with snyk iac test (9e1f2d7)

`v1.1005.0`

Compare Source

Bug Fixes

iac test result undefined (c1e289d)
update snyk-docker-plugin to fix CGo binaries issue (4db2a46), closes #456

Features

add support for an HTTP proxy when using snyk-iac-test (3f82971)

`v1.1004.0`

Compare Source

Features

share results with the Cloud API (17c7bac)

`v1.1003.0`

Compare Source

Bug Fixes

container python app scan performance issues (a8732a6)

Features

can override IaC experimental bundle (7da75f1)

`v1.1002.0`

Compare Source

Features

IaC context-suppressed issue count (bb18d47)

`v1.1001.0`

Compare Source

Features

pass the org public ID to snyk-iac-test (e70e43d)

`v1.1000.0`

Compare Source

Bug Fixes

container python app scan errors (91ce029)

`v1.999.0`

Compare Source

Features

container Go binary scan (47af5ca), closes #447

`v1.998.0`

Compare Source

Features

cloud context for IaC tests (b9c1a10)
container python app scan (3609d7d)
create temp filepath for iac engine to write results (12d8e57)
custom message for IaC cloud context errors (b5833a2)

`v1.997.0`

Compare Source

Bug Fixes

For Gradle multi-module projects filter subprojects on unique path not name (db21498)

`v1.996.0`

Compare Source

Bug Fixes

bump golang plugin version (8893f81)

Features

add --var-file support (537372d)

`v1.995.0`

Compare Source

Bug Fixes

matching configurations error on gradle version catalog (20dcdae)

`v1.994.0`

Compare Source

Bug Fixes

more IaC error codes (e0227c3)

Features

add custom severities to iac test config (9d86574)
add ignore count in the experimental version of iac test (d390ca2)
Added support for depth-detection (8cf1815)

`v1.993.0`

Compare Source

Features

add scan flag support (53951fc)

`v1.992.0`

Compare Source

Bug Fixes

--target-name bug (3431f79)
Spacing for issue descriptions with custom rules (29b2fdb)

`v1.991.0`

Compare Source

Features

add report summary (d8e4ea8)
pass policy (.snyk) to iac-test via the config file. (6d3ad76)

`v1.990.0`

Compare Source

Bug Fixes

none custom policies severity issues should be filtered out before sending them to registry (4acacd2)

`v1.989.0`

Compare Source

Bug Fixes

downgrade snyk-go-plugin to 1.19.0 (4643026)
increase buffer size (8079fe3)
update golang plugin (a0e30d9)
upgrade-docker-registry-v2-client (275afb1)

Features

pass remote-repo-url arg to snyk-iac-test (18e8c87)

`v1.988.0`

Compare Source

Bug Fixes

return exit code 3 when no resources can be found (9d2e41f)
upgrade docker-registry-v2-client lib (374ba55)

Features

pass target-name arg to snyk-iac-test (4352122)
stop caching rules (71c866e)

`v1.987.0`

Compare Source

Bug Fixes

correct broken URLs for license issues (8a46931)
Ensured the test spinner stops (5d9d15f)

Features

remove reachability (5500e25)
scan maven aggregate projects (019bc45)
share cache path with IaC plugin (e254c0c)
update snyk-iac-test to 0.18.1 (379fe0c)

`v1.986.0`

Compare Source

Bug Fixes

wrong 2x count of iac issues with --report -multi-doc yaml (06da34e)

`v1.985.0`

Compare Source

Bug Fixes

Fixed incomplete CC path when missing resource attributes (6a4480c)
missing release in package version string (dcb40ab)
upgarde docker-registry-v2-client lib (5de3cb1)

Features

introduce —about flag to print attribution information (60eaec8)
pass projectTags arg to snyk-iac-test (ae70c1e)

`v1.984.0`

Compare Source

`v1.983.0`

Compare Source

Bug Fixes

use FormattedPath (2ebfb71)

Features

add project attributes support in --experimental (08791f8)
Implement AnyAuth Proxy Authentication support (467b621)

`v1.982.0`

Compare Source

Bug Fixes

upgrade docker plugin to improve stream parsing (a59d8e4)

Features

pass configuration to snyk-iac-test (6fb5992)
upgrade snyk iac test to 0.13.1 (ce7103e)

`v1.981.0`

Compare Source

Bug Fixes

Add missing IaC issue props in JSON output (da3a671)

`v1.980.0`

Compare Source

Features

improve maven debug logging (a0cdcfc)

`v1.979.0`

Compare Source

Bug Fixes

handle gradle strict lock mode (8905252)

`v1.978.0`

Compare Source

Features

add SARIF support (CFG-1993) (622c8f4)

`v1.977.0`

Compare Source

Bug Fixes

container app vulns json with experimental flag (332d87b)

Features

add deprecation message to test command (7f191b5)

`v1.976.0`

Compare Source

Features

improve comment handling for SBT scans (cf862b9)

`v1.975.0`

Compare Source

Features

add test summary section to the experimental output (b708086)

`v1.974.0`

Compare Source

Features

add 'target-name' flag support (6305c3d)

`v1.973.0`

Compare Source

Bug Fixes

vuln links using demunge (01154c9)

Features

add --remote-repo-url to "iac test" (2a12048)
update general vuln descriptions to point to pvdb (ad80d74)
update spotlight vuln descriptions (f536c9d)

`v1.972.0`

Compare Source

Bug Fixes

handle errors from /share-results (5871079)

Features

Add support for severity threshold (6833389)

`v1.971.0`

Compare Source

Features

snyk-iac-test error handling (3b3fa89)

`v1.970.0`

Compare Source

`v1.969.0`

Compare Source

Features

officially support Gradle 7 scanning (314dc96)

`v1.968.0`

Compare Source

Features

remove support for paths outside the current working directory (5ca35c1)

`v1.967.0`

Compare Source

Bug Fixes

bump snyk docker plugin version golang fixes (8d55bcd), closes #3433

`v1.966.0`

Compare Source

Bug Fixes

bump cloud-config-parser (38502ed)

`v1.965.0`

Compare Source

Bug Fixes

return paths for files that errrored (IaC) (d53afde)

`v1.964.0`

Compare Source

Features

add JSON support (4c636da)
bump snyk-iac-test version (0599c71)
improve Snyk API URL configuration (5a0bcbe)

`v1.963.0`

Compare Source

Bug Fixes

cli output adjustment (b8e7f65)

`v1.962.0`

Compare Source

Bug Fixes

typo in IaC v2 --report output (a22ab2e)

Features

container json response with app vulns (8aba337)

`v1.961.0`

Compare Source

Bug Fixes

move checkPaths() function out of main() (503d64c)

`v1.960.0`

Compare Source

Bug Fixes

fix parser error in tfplan parser (1976175)

`v1.959.0`

Compare Source

Bug Fixes

--experimental acceptance test (bb0665a)
isArchive() (52b63a5)
sarif output for iac (76bbfb9)

Features

download rules bundle (c86ebf2)

`v1.958.0`

Compare Source

Bug Fixes

bump driftctl (dae3c8e)
reduce default snyk-gradle-plugin logging (6e26bdc)

`v1.957.0`

Compare Source

Bug Fixes

wrong dependencyCount in support of snyk-to-html (1065dd9)

`v1.956.0`

Compare Source

Bug Fixes

support HTTP(S) proxies in iac-test (3ac3ad0)

`v1.955.0`

Compare Source

Bug Fixes

also add HTTP_PROXY environment variable (78d0602)

Features

add support for requirements.txt files with BOM encoding (d31974f)
support for unmanaged snyk-to-html (83b4f6a)

`v1.954.0`

Compare Source

Features

add additinal arguments ability for go projects (7c915d4)

`v1.953.0`

Compare Source

Features

remove gradle-accept-legacy-config-roles flag (b4164e8)

`v1.952.0`

Compare Source

Bug Fixes

cwd error (b17ed2c)

`v1.951.0`

Compare Source

Features

remove report command from snyk iac (9cd5813)

`v1.950.0`

Compare Source

Features

prune across Gradle dep-graph (44f75ff)

`v1.949.0`

Compare Source

Bug Fixes

include the custom rules warning if feature flag is not enabled (44e892b)

`v1.948.0`

Compare Source

Features

upgrade to [email protected] (5b66290)

`v1.947.0`

Compare Source

Bug Fixes

IaC issue info when impact or description are missing (e785a64)
re

mend-for-github-com · 2023-11-01T13:16:16Z

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

/opt/buildpack/tools/yarn-slim/1.22.19/lib/node_modules/yarn/lib/cli.js:46288
  let {
      ^

SyntaxError: Unexpected token {
    at exports.runInThisContext (vm.js:53:16)
    at Module._compile (module.js:373:25)
    at Object.Module._extensions..js (module.js:416:10)
    at Module.load (module.js:343:32)
    at Function.Module._load (module.js:300:12)
    at Module.require (module.js:353:17)
    at require (internal/module.js:12:17)
    at Object.<anonymous> (/opt/buildpack/tools/yarn-slim/1.22.19/lib/node_modules/yarn/bin/yarn.js:24:13)
    at Module._compile (module.js:409:26)
    at Object.Module._extensions..js (module.js:416:10)

mend-for-github-com bot added the security fix Security fix generated by Mend label Nov 1, 2023

mend-for-github-com bot force-pushed the whitesource-remediate/snyk-1.x-lockfile branch from ed21c87 to 89a5793 Compare November 1, 2023 13:15

mend-for-github-com bot force-pushed the whitesource-remediate/snyk-1.x-lockfile branch 3 times, most recently from a477093 to afb04dc Compare January 30, 2025 08:27

mend-for-github-com bot force-pushed the whitesource-remediate/snyk-1.x-lockfile branch from afb04dc to f8e9bf1 Compare February 4, 2025 11:24

mend-for-github-com bot force-pushed the whitesource-remediate/snyk-1.x-lockfile branch from f8e9bf1 to 7d63a18 Compare February 12, 2025 07:10

chore(deps): update dependency snyk to v1.1064.0

4399ef0

mend-for-github-com bot force-pushed the whitesource-remediate/snyk-1.x-lockfile branch from 7d63a18 to 4399ef0 Compare February 27, 2025 11:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency snyk to v1.1064.0 #6

chore(deps): update dependency snyk to v1.1064.0 #6

mend-for-github-com bot commented Nov 1, 2023 •

edited

Loading

mend-for-github-com bot commented Nov 1, 2023

chore(deps): update dependency snyk to v1.1064.0 #6

Are you sure you want to change the base?

chore(deps): update dependency snyk to v1.1064.0 #6

Conversation

mend-for-github-com bot commented Nov 1, 2023 • edited Loading

Release Notes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Features

Bug Fixes

What's Changed

Features

Features

Features

Features

Bug Fixes

Features

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Features

Features

Features

Bug Fixes

Features

Features

Features

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

Features

Bug Fixes

Features

Features

Bug Fixes

Features

Features

Features

Bug Fixes

Features

Features

Bug Fixes

Bug Fixes

mend-for-github-com bot commented Nov 1, 2023 •

edited

Loading